Latest Lexmark printer vulnerability #

Printer manufacturer Lexmark recently published details on a vulnerability that affects over 100 of their printer models. Discovered by researcher Peter Geissler, this vulnerability can be leveraged to achieve unauthenticated remote code execution for an attacker. Firmware across devices in Lexmark’s small/medium business product line and also their enterprise product line have been found to contain this vulnerability.

What is the impact? #

Lexmark assigned a CVSS score of 9.0 (“critical” severity rating) to this vulnerability (tracked as CVE-2023-23560), which allows server-side request forgery (SSRF) via the Web Services feature listening on port 65002 of affected printers. A successful attacker can exploit this vuln in a chain to gain code execution as root on vulnerable devices. Lexmark’s advisory states that, as of last week, they are not aware of anyone currently exploiting this vulnerability, but proof-of-concept exploit code is publicly available.

Are updates available? #

All firmware versions (release numbers 081.233 and prior) for affected printer models contain this vulnerability (CVE-2023-23560). Lexmark has made firmware updates available for each affected device, via release numbers 081.234 and later (see Lexmark’s advisory for specific release version details per affected printer).

If updating firmware isn’t a near-term option for admins/owners of affected printers, Lexmark does offer a straightforward mitigation:

Disabling the Web-Services service on the printer (TCP port 65002) blocks the ability to exploit this vulnerability. The port can be blocked by following process: “Settings”->"Network/Ports"- > "TCP/IP"- > "TCP/IP Port Access" then uncheck "TCP 65002 (WSD Print Service )" and save.

How do I find potentially vulnerable Lexmark printer assets with runZero? #

Please note that the following query relies on you having already performed a scan with our latest Explorer/scanner release (v3.4.22), which now includes the scanning of port 65002. Alternatively, you can perform a new scan using an older Explorer/scanner, just add port 65002 to the Included TCP ports list under the Advanced tab of your task settings prior to running the scan.

From the Asset Inventory, use the following pre-built query to locate Lexmark printer assets which may need remediation:

type:printer AND vendor:Lexmark AND tcp_port:65002
Lexmark prebuilt query is available in the Queries Library

Query results can then be checked against Lexmark's list of vulnerable models and firmware versions.

As always, any prebuilt queries are available from our Queries Library. Check out the library for other useful inventory queries.

Written by Pearce Barry

More about Pearce Barry
Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.


Related Articles

Rapid Response
How to find Citrix Virtual Apps and Desktops software on your network
Citrix has released an advisory for two vulnerabilities affecting Citrix Virtual Apps and Desktops software.
Rapid Response
How to find FortiManager instances on your network
How to find FortiManager instances on your network using runZero
Rapid Response
How to find SolarWinds Web Help Desk services on your network
CISA has announced that CVE-2024-28987 is actively being exploited in SolarWinds' Web Help Desk software. Here's how to find potentially affected...
Rapid Response
How to find SuperMicro BMCs
Supermicro released a vulnerability advisory for a critical CVE that allows for remote code execution (CVE-2024-36435). Here's how to find impacted...

See Results in Minutes

Get complete visibility into IT, OT, & IoT — without agents, credentials, or hardware.

© Copyright 2024 runZero, Inc. All Rights Reserved